Setting Up Passwordless Authentication, Ansible Inventory, and Installing Nginx with Ansible Playbooks
In this blog, we will dive into three key concepts for managing your EC2 instances with ease: Passwordless Authentication, Ansible Inventory, and Installing Nginx with Ansible Playbooks. These tools are invaluable for automating tasks and ensuring smooth and efficient management of your cloud infrastructure.
1. What is Passwordless Authentication?
Passwordless authentication is a secure method of logging into a remote EC2 instance without needing to manually enter a password. Instead, it uses cryptographic keys to verify the identity of the user.
In the context of SSH (Secure Shell) connections, passwordless authentication allows us to use SSH keys for authentication instead of typing a password every time we connect to an EC2 instance. This increases security and saves time for administrators and users alike.
Here's how it works:
A public-private key pair is generated using tools like ssh-keygen.
The public key is then added to the EC2 instance's ~/.ssh/authorized_keys file.
When you attempt to SSH into the instance, your local machine uses the private key to prove your identity. The EC2 instance checks the public key and grants access if the keys match.
Steps for Setting Up Passwordless Authentication on EC2 Instances
Generate an SSH Key Pair
On your local machine (the one you're connecting from), run the following command to generate an SSH key pair:
ssh-keygen -t rsa -b 2048
This will generate two files:
Private key: Typically stored in ~/.ssh/id_rsa (keep it private!)
Public key: Typically stored in ~/.ssh/id_rsa.pub (this is shared with the EC2 instance)
Manually Copy the Public Key to the EC2 Instance
Now, let's manually add your public key to the EC2 instance's authorized_keys file. Here are the steps:
Step 1: Copy your public key to the clipboard.
First, display the content of your public key using this command:
cat ~/.ssh/id_rsa.pub
Then copy the entire output (the public key) to your clipboard.
Step 2: Connect to your EC2 instance using SSH. Note: If your local machine is not within the same VPC or lacks a direct network connection (e.g., via VPN), you need to use the public IP to SSH into your EC2 instance.
ssh ubuntu@<public_ip_of_ec2_instance>
Step 3: Set proper permissions.
chmod 700 ~/.ssh
Step 4: Open the authorized_keys file for editing.
vim ~/.ssh/authorized_keys
Step 5: Paste the public key into the file.
Paste the public key that you copied earlier onto the next line of the authorized_keys file. Make sure there are no extra line breaks or spaces at the beginning or end of the key.
Example: If your public key looks like this:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAt7uDYK9h7FDIf7hvXGfiU6HQnt8eE...
The file will look something like this after pasting the key:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAt7uDYK9h7FDIf7hvXGfiU6HQnt8eE...
Important: If there are multiple keys in the file, make sure each key is on a new line.
Step 6: Save and close the file.
In vim, press Escape, then type :wq to save the file and exit.
Step 7: Set the correct permissions for the authorized_keys file.
chmod 600 ~/.ssh/authorized_keys
Test the Passwordless SSH Connection
Finally, test your setup by logging in to the EC2 instance via SSH. You should be able to log in without being prompted for a password:
ssh ubuntu@<public_ip_of_ec2_instance>
If everything is set up correctly, you will be logged in without needing to enter a password!
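If the login still prompts for a password, the usual causes are the ones Steps 3, 5 and 7 guard against. The script below is an added example, not part of the original post: run on the instance, it checks the 700/600 modes and that every line of authorized_keys holds exactly one complete key with no stray whitespace. The names audit_ssh_dir and KEY_RE are hypothetical, and it assumes GNU stat as shipped on Ubuntu.

```sh
#!/bin/sh
# Added example, not from the original post. audit_ssh_dir is a hypothetical
# helper; it assumes GNU stat (as on the Ubuntu instances used in this post).
# Prints one finding per line and returns 0 when clean, 1 otherwise.
# Usage: audit_ssh_dir [directory]   (defaults to ~/.ssh)

# Key type followed by its base64 blob; only common key types are listed.
KEY_RE='(^|[[:space:]])(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))[[:space:]]+[A-Za-z0-9+/]+=*'

audit_ssh_dir() {
    dir=${1:-"$HOME/.ssh"}
    file="$dir/authorized_keys"
    bad=0
    n=0

    # Step 3: the directory must be 700.
    mode=$(stat -c '%a' "$dir" 2>/dev/null) || { echo "missing: $dir"; return 1; }
    [ "$mode" = 700 ] || { echo "$dir: mode $mode, expected 700"; bad=1; }

    # Step 7: the key file must be 600.
    mode=$(stat -c '%a' "$file" 2>/dev/null) || { echo "missing: $file"; return 1; }
    [ "$mode" = 600 ] || { echo "$file: mode $mode, expected 600"; bad=1; }

    # Step 5: one complete key per line, no stray whitespace.
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;   # sshd ignores blank lines and comments
        esac
        if printf '%s\n' "$line" | grep -qE '^[[:space:]]|[[:space:]]$'; then
            echo "line $n: leading or trailing whitespace"; bad=1
        fi
        # Count key entries; a wrapped paste leaves a line with none.
        count=$(printf '%s\n' "$line" | grep -oE "$KEY_RE" | wc -l)
        if [ "$count" -eq 0 ]; then
            echo "line $n: not a complete key entry (wrapped or truncated paste?)"; bad=1
        elif [ "$count" -gt 1 ]; then
            echo "line $n: $count keys on one line"; bad=1
        fi
    done < "$file"

    return "$bad"
}
```

A key that was split by a line break is reported on the continuation line, because the first half still looks like a valid entry.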
2. Ansible Inventory: The Heart of Configuration Management for EC2
An Ansible inventory file is a simple text file where you define the EC2 instances, or the IP addresses of the various servers, that you wish to configure and manage with Ansible. It lists the EC2 instances and their configurations, which are then targeted in playbooks.
Structure of the Ansible Inventory File:
The inventory file can contain a list of EC2 instances by public IP or private IP, along with other configurations like the SSH username and private key for authentication. You can create an inventory file in INI format or YAML format.
Example of Inventory Using Public IP (Not in Same VPC):
If your EC2 instance is in a different VPC (or you're connecting from outside the VPC), you should use the public IP of the EC2 instance.
[webservers]
ec2_instance ansible_host=3.95.250.13 ansible_user=ubuntu
[dbservers]
db1 ansible_host=192.168.1.20 ansible_user=ubuntu
Example of Inventory Using Private IP (Same VPC):
If you're within the same VPC, you can use the private IP of the EC2 instance for faster, internal communication:
[webservers]
ec2_instance ansible_host=10.0.0.1 ansible_user=ubuntu
[dbservers]
db1 ansible_host=10.0.0.2 ansible_user=ubuntu
Note: Always use the private IP if you're working within the same VPC, as this avoids additional data transfer costs and improves network speed.
3. Installing Nginx on EC2 Instances Using Ansible Playbook
Now that we've covered passwordless SSH authentication and the setup of the Ansible inventory file, let's create an Ansible playbook to install Nginx, a popular web server, on EC2 instances.
An Ansible playbook is a YAML file containing a list of tasks that define the actions you want to perform on your EC2 instance.
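Here's an example playbook to install Nginx:
---  # marks the start of a YAML document
- name: Install and start Nginx
  hosts: all        # "all", or a group from the inventory such as webservers
  become: true      # run the tasks with root privileges
  tasks:
    - name: Install nginx
      apt:          # Ansible's built-in module; replaces "shell: apt install nginx"
        name: nginx
        state: present
        update_cache: true   # refresh the apt package index first
    - name: Start nginx and enable it at boot
      service:
        name: nginx
        state: started
        enabled: true
# Structure recap:
# ---      marks the start of the YAML document
# - name   at the top level starts a play; several such entries mean several plays in one playbook
# tasks    holds the list of tasks to perform, each introduced by its own "- name"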
This playbook does the following:
Updates the apt repository.
Installs Nginx.
Starts the Nginx service and enables it to start at boot.
You can always refer to the Ansible documentation when writing these playbooks.
Running the Playbook:
To run the playbook, simply execute the following command:
ansible-playbook -i inventory install_nginx.yml
Ansible will then log into the EC2 instance (using the public or private IP, based on the inventory) and install Nginx for you.
Conclusion
By setting up passwordless SSH authentication, managing EC2 instances using Ansible inventories, and automating tasks like installing Nginx with Ansible playbooks, you can streamline your workflow and increase your efficiency. These practices will save you time and reduce human error, allowing you to focus on more important tasks in your cloud infrastructure management.
~Thank you